0

Accidentally installed wrong package sudo apt install netplan instead of sudo apt install netplan.io from official Ubuntu repository.

I run Ubuntu 18.04, I wanted to edit DNS servers, but instead I've installed some kind of calendar package.

It seems that the package is maintained by “Ubuntu Developers” group, not MOTUs.

Is there any risk of malware? How trustworthy is the “Ubuntu Developers”?

muru
  • 197,895
  • 55
  • 485
  • 740
ubunturepsafety
  • 11
  • 1
  • 1
    The Ubuntu Developers tend to be very dependable. The risk of malware is quite small when using the Ubuntu repositories. Simply uninstall the package that you didn't want. – user535733 Sep 08 '20 at 19:09
  • 1
    Well, have you enabled any other sources (that would serve you malware)? apt only goes off the default sources + whatever sources you added. – Nmath Sep 08 '20 at 19:10
  • No, only official sources. – ubunturepsafety Sep 08 '20 at 19:14
  • Look at the changelog, ie. https://changelogs.ubuntu.com/changelogs/pool/universe/p/plan/plan_1.10.1-5build1/changelog You'll see the email address of the people who have changed it; most of which are upstream (ie. debian) which is where many Ubuntu devs (inc. MOTUs) push changes anyway (less work in the long run). If you trust Ubuntu & it's upstream Debian it's safe. – guiverc Sep 08 '20 at 22:57
  • Thank you very much. You should add this as an answer. I can flag it as valid answer so other people can find it if needed. – ubunturepsafety Sep 09 '20 at 05:59

1 Answers1

0

You installed apt install netplan

so assuming you got it from official repositories, it'll be (I'm using web sites over commands as it's easier for readers on this site)

https://packages.ubuntu.com/search?suite=all&searchon=names&keywords=netplan

For 18.04 / bionic that is

https://packages.ubuntu.com/bionic/netplan

I would check the version matches your install (1.10.1-5build1), but clicking on the "Ubuntu Changelog" link, you'll see, along with the date & reason for each change, the email address of the people who have changed it.

Most of which changes are made by upstream devs (ie. Debian) which is where many Ubuntu devs (inc. MOTUs) push changes anyway (less work in the long run though will depend on the cycle & package).

If you trust Ubuntu & it's upstream Debian it's safe

guiverc
  • 30,396